Enlarge (credit: Michael Theis / Flickr)
Data centers around the world have a new concern to contend with—a remote code vulnerability in a widely used VMware product. The vulnerability has a severity score of 9.8 out of 10.
The security flaw, which VMware disclosed and patched on Tuesday, resides in the vCenter Server, a tool used for managing virtualization in large data centers. It’s used to administer VMware’s vSphere and ESXi host products, which by some rankings are the Nos. 1 and 2 most popular virtualization solutions on the market. Enlyft, a site that provides business intelligence, shows that more than 43,000 organizations use vSphere.
“Serious”
A VMware advisory said that vCenter machines using default configurations have a bug that allows for the execution of malicious code when they’re reachable on a port that’s exposed to the Internet in many networks. The vulnerability, tracked as CVE-2021-21985, has a severity rating of 9.8 out of a possible 10.
